Hacktivist Tactics Raise Ethical Questions

By Anthony M. Freed, Director of Business Development at Infosec Island

Recently we have witnessed the emergence of international hactivist and vigilante “the Jester” through his crusade against jihadi and militant Islamic networks and some third party networks that contain evidence of having been infiltrated by rogue elements.

Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?

That is the issue my fellow editors and I have been wrestling with while considering our options for covering the Jester’s exploits.

On the one hand, he is acting against some very unsympathetic targets, including the website of the Iranian president. But on the other hand, he is employing what would be considered Black Hat tactics which violate multiple international and domestic laws, as well as possibly interfering with covert intelligence operations.

Since the publication of Richard Stiennon’s article which introduced most of us to the Jester and his cause, there have been a flurry of opinions offered in multiple threads that both praise and denounce Jester’s conduct.

Stiennon asks and answers the question for himself near the conclusion of his article: “In the absence of a lawful society is vigilantism wrong? Certainly there are many players on both sides of cyber conflicts that feel strongly about their purpose. But in the final analysis I have to say that taking down websites is unlawful and wrong. And, in this case, taking down Jihadist sites may hurt The Jester’s cause.”

I for the most part personally agree with Richard’s assessment.

But in the absence of context, if the only real ethical measure is the lawfulness of an action, we would never have seen progress in society’s evolution away from institutions like slavery or child labor.

Lawfulness seems an inadequate assessment method.

Subsequent to Richard’s article, I began a series of IM chats with Jester in an effort to uncover more about his methods and motivations.

Obfuscation for security reasons aside, the Jester seems to be a sincere, impassioned individual who genuinely believes his efforts are noble and justified by the barbarism of the terrorist tactics he witnessed as a soldier.

On multiple occasions now, Jester has made reference to the horror of watching his friends and fellow soldiers be “murdered” by jihadi operatives who have long been exploiting the internet and its accessibility to coordinate terrorist operations.

The feeling I get from our conversations is that the Jester is on a very personal mission to inflict some semblance of pain of on those who are actively working to harm and kill… well, you and me.

Jester also claims to be sharing the location of secret deposits of information he has found planted on legitimate sites in the US, unbeknownst to the site owners, by jihadi hackers.

Some of these hidden files contain information on everything from how to produce an improvised explosive device (IED) to long anti-western rants said to possibly have phrasing combinations used to prompt sleeper cells into action.

The bad guy’s bad is definitely much worse that the good guy’s bad here, and that does play awfully well for the Jester.

Also, the unique methods the Jester is using could more than theoretically be employed by our foes to wreak havoc on our own systems, and so there may be much to learn from this character that can employed for our own best defenses.

And so, after much consideration, we decided that we should indeed pursue this story and our regular contact with the Jester, as the news value of the information provided far outweighs any risk of somehow seeming to improperly glorify taboo infosec practices.

The following is the first installment of my conversations with the Jester.

Q: Who are you targeting with your DoS attacks and why?

"Targets are rife, but I vet every single one. I am tipped off via various channels. But I verify all targets. What constitutes a target?

I 'target' known sites that recruit and co-ordinate attacks. They can't use cell phones anymore - they use the web - it's the anonymous playground.

You can have sleeper cell operative who is watching a jihad forum for a certain phrase. That phrase activates him to do whatever his task is."

Q: Why take them up and down, why not just knock them out?

"These ops are time sensitive. My task is to make their chosen communication method unreliable.
By taking them down at random intervals, for random intervals, they can’t rely on them -they become unreliable and useless.

Because they never know when or where I strike from, and because it’s random, the intel agencies can still gather their (questionable) intel."

Q: Critics say you do more harm than good – your reply?

"Some critics have said that I will only drive them underground, Well is that not the best thing to do for recruiters?

If you take the position that online jihadi propaganda, proselytization, and interaction is increasingly important in jihadi recruitment, then why is it bad to drive them back into the shadows online? That’s a key principle of COIN.

Underground they can’t reach the masses; therefore they are less effective at recruiting. An underground recruiter is less dangerous than an overground one."

Q: You are all over Twitter - what about an Islamic group’s right to free speech?

"Well the internet is all about freedom of speech, which is a concept I support.

Freedom of speech is one thing, but when bad dudes use our internet, on servers hosted in our country, or continent - because they have no infrastructure of their own to do it - that’s a different matter

As for their freedom of speech, if that’s all they want, then please speak freely

Just make sure there is no recruiting or co-ordination going on. Now do you see my point?"

Q: Where do you see yourself from an ethical perspective?

"This the first time I have really quantified my reasoning - to anyone.

My plan is to disrupt, not destroy – to make their methods unreliable, make them not trust the only medium left to them.

I do wrestle with whether what I am doing is right, but figure if I can make their communications unreliable for them, all the better."

Now a question for the readers: What do you think? Is Jester to be characterized as the cliché outlaw hero who dishes out his own personal brand of justice on the bad guys?

Or is he – as some critics have labeled him – just a miscreant with script-kiddy tactics, meddling where he has no business to meddle?

Cast your vote by taking out Latest Poll: The Jester - Is he a Patriot or a Criminal? (Logged in users only)

Submit your comments or questions for Jester below, and stay tuned for more installments of my IM chats on Information-Security-Resources.com, now part of the InfosecIsland.com Network.

Anthony M. Freed
Your line brings up an important point Lance - Ol' Ronnie was singing about Watergate just a line before - it took a criminal act to expose the criminal Nixon administration.

Jester is just another in a long line of antiheroes - there will be more...

1264721439

Terry Perkins
I love the Ronnie VanZant quote. Thanks Lance! This is a tough one. I think DISRUPTING or making their communications unreliable is good. I see it from both sides of the ethical question.

1265123644

Buzz Hillestad
Guys, seriously, we are at war and you are debating ethics?!? When was the last time war was ethical at all? Ethics should not be the question here. They guy is doing a service to his country and isn't even getting paid for it. He is a true patriot.

1265127654

Anthony M. Freed
Buzz - for the most part, I agree with you. I am only concerned that Jester may interfere with Intel Ops on those same targets - else, go get 'em!

1265128233

Terry Perkins
Buzz, I agree, as well. However, as security professionals it is a good discussion but by all means, Jester should go for it. I'm sure he sleeps just fine!

"In the online world where personal information in extremely large volumes is merchandise for organized crime, where law enforcement is more focused on building war-rooms and appointing cyber security tzars, and where everyone leaves a digital footprint, cyber vigilantes have become something like worshiped heroes…"

Cindy Roux
What moral code is it that you follow, Master Jester? Whom do you serve?

1268165610

Anthony M. Freed
Cindy - From my conversations with Jester, he feels he serves soldiers and civilians in the line of fire.

Stay tuned for Video number two - coming this week...

1268167595

Cindy Roux
Which soldiers? Think in the broadest sense of the word. Are we not all soldiers? "Common interests for good...who's good?"

1268174702

Ted LeRoy
The cyber world is just as valid a place for espionage and sabotage as any other realm of communications or social interaction. I appreciate what the Jester does. Unfortunately, since he's going it on his own, he's somewhat unprotected from both personal safety and legal perspectives.

Good luck Jester, and be safe!

Cindy, as a retired U.S. Navy Chief with a son who is an Infantry Marine, I think I favor a more restrictive view of who the soldiers are.

1268192531

Anthony M. Freed
Ah yes - I have seen many of these Jester threads end up in an exploration of moral relativism.

All I know is that there are people out there i have never met, never crossed, and never harmed who want to kill me.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.